LuxSci Business Associate Agreement (BAA)

For Customers with HIPAA Compliance Needs

How is LuxSci HIPAA Compliant?

LuxSci has been offering services that can be used in a
HIPAA-compliance context since 2008. LuxSci's services contain (as
included or optional features) all of the appropriate controls that may be
required or desired to help you meet your business' HIPAA-compliance
requirements. These include items such as: transport encryption with appropriate
ciphers, at-rest encryption, software and hardware firewalls, intrusion
detection, anti-virus scanning, server segmentation, unique access
controls and access auditing, breach reporting, proper media disposal,
disaster-recovery plans, etc.

Furthermore, LuxSci performs its own:

Yearly internal HIPAA review

Yearly external HIPAA review (ask for a letter of attestation)

Yearly internal risk analysis

Yearly risk analysis of all of the services it provides

Yearly risk analysis of vendors and partners

Yearly penetration tests

Weekly external and internal network and vulnerability scans of all servers

Frequent external vulnerability scans of luxsci.com by 2 different vendors

Continuous internal staff training on security and HIPAA

... and much more

Vendors' BAA

As required by HIPAA, LuxSci has explicit Business Associate Agreements
in place with all its vendors that could come into contact with your ePHI. They
include:

LuxSci BAA

LuxSci customers with HIPAA accounts must
read, agree to, sign, and return LuxSci's HIPAA Business
Associate Agreement and Account Restrictions Agreement. This version is
updated with the provisions required by the Omnibus Final Rule.

Customers with HIPAA accounts can read these agreements and fill out
the form to signify their agreement to these terms of service and to
include their written signature, captured using LuxSci's Ink Signature technology.

Who should sign? To ensure HIPAA compliance, an officer of
your organization with the legal right to enter into a HIPAA Business
Associate Agreement should be the one to sign. If someone without
sufficient authority (a Webmaster, for instance) signs the agreement,
then it's possible you are failing to properly meet your obligations
under HIPAA.

Can I modify the BAA? LuxSci does not generally accept
customer-suggested modifications to its HIPAA BAA. For customers with a
strong need, we do have a fee-based process for reviewing your BAA change
requests; the changes may or may not be permitted. LuxSci ensures that the
spirit of its BAA is consistent across all customers so that LuxSci can
consistently abide by the terms of the BAA without needing to refer to
many different contracts for every situation that may arise.
